Information Security In Health Systems

By Ali Mosallanejad (Sami Ali), Seyedeh Hashemiyeh Mirrezaei, Zahra Amjadi and Mohammad Nikniya

In this work user’s privacy rules, security basics, protection of privacy, integration, and the availability data will be presented. Also it will explain about security program components, rules, processes, and standards, and also quality of management and risk analysis, assessment, identification and assessment of ancillary system.

• Language: English
• Publisher: Lulu.com
• Release date: Nov 24, 2016
• ISBN: 9781365557286

Book preview

Information Security In Health Systems

Information Security in Health Systems

Ali Mosallanejad (Sami Ali)

Seyedeh Hashemiyeh Mirrezaei

Zahra Amjadi

Mohammad Nikniya

Lulu Press, Inc.

3101 Hillsborough St, Raleigh, NC  27607

Copyright © 2016 Ali Mosallanejad, Seyedeh Hashemiyeh Mirrezaei,

Zahra Amjadi, Mohammad Nikniya

All rights reserved.

ISBN:

978-1-365-55728-6

Description: Image result for Lulu press logo

DEDICATION

To:

MirMohammad Ali Mirrezaei, PharmD,

For his 40 years of yeoman's service and his being selected as the nominated physician for more than 15 times.

Acknowledgement:

Picture123 (1)

Special thanks to our beloved legislator Mohammadreza Rezaee MD. who contributed us with advising this work.

CONTENTS

Introduction

Chapter 1: fundamentals of information security1

1-1.Fundamentals of information security in computer systems1

2-1.The importance of information security and securing computers 3

3-1.Intimidators of information security 4

4-1. Security tools and policies of computer systems9

5-1. Consequences of being unresponsive towards information security    15

6-1. The importance of security issues in sanitary care organization18

7-1. Security and confidentiality of health data21

8-1. Health Insurance Portability and Accountability Act (HIPAA)26

Chapter 2: fundamentals of risk32

1-2. The strategies of risk reduction32

2-2. Information security threats36

3-2. Fundamentals of security42

4-2. Risk management 54

5-2. Risk evaluation57

6-2. Detecting and evaluating alternative systems 58

7-2. Risk analysis63

8-2. Prohibition and actions control70

Chapter 3: Conclusion85

1-3. Conclusion85

References88

About the Authors91

introduction

Hospital information system is the use of necessary information production integrated system for the management of all activities related to health such as: Planning, supervision, coordination and making decision. The purpose of the establishing an information system hospital is the use of computer and communication equipment for collecting, reserve, processing, retrieval, linking patient care and administrative data for all activities related to hospital. In the following, electronic health records keep health care information during the life of the individual and to support of hospital activities. In continuation there are many worries about privacy policy and Procurement of the information security because patient’s medical records are available such as: some of the most private and confidential patient information and subsidized information from multiple locations. Security flaw will follow the risk of exposing information systems. Information security means access control and keeping information from intentional or unintentional disclosure to unauthorized and replacement persons; tampering or lack of information.

The information that is exchanged between doctor and patient should be confidential as much as possible so that the patient can confide his information with his doctor and receive the most efficient and effective treatment. The basic features of hospital information system that should even be shared among social care teams are patient privacy and respect to his willing about disclosure or nondisclosure of his records. Existing studies don’t know quite appropriate the principles and standards for maintaining the confidentiality of health information. Sedoughi and his co-workers declare that the status of medical records, the levels of access and confidentiality to medical records in Iran is far from of global standards. they also think privacy principles in this regard are important. Paying attention to the issues of data security, audit and control procedure are essential with the development of automation and the use of computer records. In the program, the importance of all industries except health care to the availability of sensitive information only to authorized people has received special attention. In health care organization, protecting the interest and rights of the patient’s interests first and foremost of importance rather than rights of organization.

Therefore, medical- health information security program must be recognized as a fundamental philosophy in recognition of the individual’s rights for privacy and confidentiality.

Nowadays, more health care organizations are in lack of the protective system for prevention, correction, and monitoring data violation, or in this field are weak, and they have a minimum operating budget case in point, the total economic losses caused by violations in the treatment are about six billion dollars annually.

Due to the moving towards an electronic system fully automatic treatment and electronic health records, more information is at risk, and data security privacy policies should be investigated urgently.

Using of automated technology increasingly (records, versions, and electronic invoices), and the trend towards